authorSimon McVittie <simon.mcvittie@collabora.co.uk>2014-12-19 19:19:00 +0000
committerSimon McVittie <simon.mcvittie@collabora.co.uk>2015-01-01 23:32:22 +0000
commita67cb9bf1c092e9ade210cb9d894664298687f8f (patch)
tree58ad7db4a14081410849f09ad26a2a64364bcd62
parent6a3f563a4b9449b257015f6118821057239a395b (diff)
downloaddbus-a67cb9bf1c092e9ade210cb9d894664298687f8f.tar.gz
Hardening: only allow the uid of the dbus-daemon to call UpdateActivationEnvironment
As with the previous commit, this probably does not actually allow privilege escalation, because the activation helper cleans up its environment, but let's be extra-careful here. Reviewed-by: Thiago Macieira <thiago@kde.org> [adjusted commit message -smcv]
-rw-r--r--bus/driver.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/bus/driver.c b/bus/driver.c
index 0b9c3ed5..f5d3ebe2 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -881,6 +881,41 @@ bus_driver_handle_update_activation_environment (DBusConnection *connection,
if (!bus_driver_check_message_is_for_us (message, error))
return FALSE;
+#ifdef DBUS_UNIX
+ {
+ /* UpdateActivationEnvironment is basically a recipe for privilege
+ * escalation so let's be extra-careful: do not allow the sysadmin
+ * to shoot themselves in the foot. */
+ unsigned long uid;
+
+ if (!dbus_connection_get_unix_user (connection, &uid))
+ {
+ bus_context_log (bus_transaction_get_context (transaction),
+ DBUS_SYSTEM_LOG_SECURITY,
+ "rejected attempt to call UpdateActivationEnvironment by "
+ "unknown uid");
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "rejected attempt to call UpdateActivationEnvironment by "
+ "unknown uid");
+ return FALSE;
+ }
+
+ /* On the system bus, we could in principle allow uid 0 to call
+ * UpdateActivationEnvironment; but they should know better anyway,
+ * and our default system.conf has always forbidden it */
+ if (!_dbus_unix_user_is_process_owner (uid))
+ {
+ bus_context_log (bus_transaction_get_context (transaction),
+ DBUS_SYSTEM_LOG_SECURITY,
+ "rejected attempt to call UpdateActivationEnvironment by uid %lu",
+ uid);
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "rejected attempt to call UpdateActivationEnvironment");
+ return FALSE;
+ }
+ }
+#endif
+
activation = bus_connection_get_activation (connection);
dbus_message_iter_init (message, &iter);